<?php
namespace YDCMS\core;

class AuthMiddleware
{
    public function handle()
    {
        if (session_status() === PHP_SESSION_NONE) {
            session_start();
        }
        if (!isset($_SESSION['user_id'])) {
            header('Location: /auth/login');
            exit;
        }
    }

    public function isAdmin()
    {
        return isset($_SESSION['user_role']) && $_SESSION['user_role'] === 'admin';
    }

    public function requireAdmin()
    {
        if (!$this->isAdmin()) {
            header('HTTP/1.0 403 Forbidden');
            echo 'Access Denied';
            exit;
        }
    }
} 